The Trusted Insider Threat
Malicious insiders are those who have privileged access to information, technology or assets, and who deliberately exploit their access in ways that compromise commercial or national interests.
The handbook “Managing the insider threat to your business” defines the malicious trusted insider threat “… as the threat posed by unauthorised access, use or disclosure of privileged information, techniques, technology, assets or premises by an individual with legitimate or indirect access, which may cause harm.”
Reputational damage is a serious risk when sensitive and private information is unlawfully distributed to unauthorised parties.
The motivations of a malicious trusted insider vary. As the Deputy Director-General of ASIO explained at a conference in 2015: “…when we talk about malicious insiders, we are talking about individuals who, with a range of motivations, betray the trust of their employer. Research has shown that motivations for such betrayal vary widely. But they are fundamentally personal - such as disgruntlement, revenge, ego, a sense of the misguided greater good or loyalties, or financial gain.”
Insiders can also pose an unintentional threat, such as assisting someone to access physical facilities or information systems without realising that what they are passing on may hold significant value and may be used for malicious purposes.
This often happens when employees lack security awareness or fail to follow correct security protocols. Trusted insiders present a threat whether they act independently with a specific agenda and intent or assist external parties; they are not necessarily predisposed to undertakings that go against the policies of an organisation.
Insider threats are often more difficult to identify and block than outside attacks.
For instance, a former employee using an authorised login won’t raise the same security flags as an outside attempt to gain access to a company’s information security network. For this reason, insider threats are not always detected before access is granted or damage is done.
Opportunism, compounded by circumstance, may turn an otherwise trustworthy person into someone who deliberately seeks to steal from or harm an organisation and/or its assets.
Of note is that trusted insider threats often begin with an individual or entity being given authorised access to sensitive data or areas of a company’s network. This access is granted in order to enable the individual to perform specific job duties or facilitate a contractual obligation. When an individual makes the decision to use this access in ways other than intended – abusing privileges with malicious intent towards the entity – that individual becomes an insider threat.
Australia is not immune from the current, enduring and emerging threat of trusted insider attacks.
Ideology can motivate insider threats. Current employees can also become malicious as a result of some real or perceived grievance, or after being recruited by an external threat actor, such as an issue-motivated group or organised crime seeking to gain sensitive information. Such insiders could also become opposed to some aspect of their employment, or they could intentionally join an organisation with the aim of harming it.
The same holds true for financially motivated insiders, who are far more common than those driven by ideology. There have been many cases of employees trying to sell proprietary information for personal gain or giving that information to a competitor in exchange for a job.
Organised crime networks could benefit greatly by having inside sources embedded long-term within a targeted entity.
Finally, ASIO recently informed a parliamentary inquiry that the organisation requires sweeping new national security laws as the threat posed by foreign espionage is worse than during the Cold War, adding that there was a “pervasive” threat of foreign actors seeking to influence Australian society.